MicroStrategy ONE
Best Practices for MicroStrategy Storage Service
Consider the following best practices for using the MicroStrategy Storage service:
Shared Storage System
For improved performance and scalability, MicroStrategy recommends that you use AWS S3 and Azure Blob instead of Shared Folder.
If you are using AWS S3, MicroStrategy recommends that you use IAM roles for improved security. See the following IAM role that allows machine access to S3 without requiring secrets:
{
"Version":"2012-10-17",
"Statement":[
{
"Sid":"VisualEditor0",
"Effect":"Allow",
"Action":[
"s3:PutObject",
"s3:GetObject",
"s3:ListBucketMultipartUploads",
"s3:ListBucket",
"s3:DeleteObject",
"s3:ListMultipartUploadParts"
],
"Resource":[
"arn:aws:s3:::sdk-s3-test",
"arn:aws:s3:::sdk-s3-test/mstr/*"
]
}
]
}
If you are using Azure Blob, MicroStrategy recommends that you IAM roles for improved security. See the following IAM role that allows machine access to Blob without requiring secrets:
{
"id": "xxx",
"properties": {
"roleName": "Storage Blob Data Contributor Customized",
"description": "Allows for read, write and delete access to Azure Storage blob data",
"assignableScopes": [
"/"
],
"permissions": [
{
"actions": [
"Microsoft.Storage/storageAccounts/blobServices/containers/read"
],
"notActions": [],
"dataActions": [
"Microsoft.Storage/storageAccounts/blobServices/containers/blobs/delete",
"Microsoft.Storage/storageAccounts/blobServices/containers/blobs/read",
"Microsoft.Storage/storageAccounts/blobServices/containers/blobs/write",
"Microsoft.Storage/storageAccounts/blobServices/containers/blobs/add/action"
],
"notDataActions": []
}
]
}
}
If you are use Google Cloud Storage, MicroStrategy recommends using IAM roles for improved security. You should assign the IAM role of the relevant account on Google Cloud Console to roles/storage.objectUser. This user should have access to create, read, update, and delete objects and multipart uploads in Google Cloud Storage.
If you use Shared Folder, see the following steps for an example to mount an NFS shared folder in Linux:
- Ensure the shared folder is set up and accessible from a network using NFS.
- Create a mount point that will be used to access the shared folder. For example, you can create a directory called /mnt/sharedfolder.
- Install the nfs-common package.
- Mount the Shared Folder using the following template:
- Replace servername with the NFS server name or IP address.
- Replace sharedfolder with the Shared Folder that you want to mount.
- Configure the mount point in Workstation and test the connection.
sudo mount -t nfs servername:/sharedfolder /mnt/sharedfolder
You may need to update NFS permissions and firewall settings to ensure proper access to the Shared Folder.
If you want to use CIFS to mount a Windows Shared Folder to Linux, see the following steps:
- Ensure the shared folder is set up and accessible from a network using CIFS.
- Create a mount point that will be used to access the shared folder. For example, you can create a directory called /mnt/sharedfolder.
- Install the cifs-utils package.
- Mount the Shared Folder using the following template:
- Replace servername and sharedfolder with the name and path of the shared folder.
- Replace username and password with your Shared Folder credentials.
sudo mount -t cifs //servername/sharedfolder /mnt/sharedfolder -o user=username,password=password
MicroStrategy Repository
You can Configure Library Storage Service Using the Installation Wizard.
Check the Storage Service Installed Successfully
You can check that Storage service installed successfully using two methods:
- The Installation Wizard installs a local database if the local repository is selected. The Installation Wizard configures the <DEPLOY_LOCATION>/webapps/MicroStrategyLibrary/WEB-INF/ classes/config/configOverride.properties file to point to the local/remote repository. If there are database settings in that file, the Storage service installed successfully. For more information on configuration properties, see Storage Service Configuration Properties.
- After you configure the database, you can go to Workstation to configure your Shared storage system to AWS S3, Azure Blob, Google Cloud Storage, or Shared Folder.
Configure the Storage Service in the Library Cluster
If you are using a Library cluster, you must configure all nodes to the same database (local MicroStrategy repository or remote repository) in the same cluster.
For improved scalability and self management, MicroStrategy suggests remote repository instead of local repository.
Frequently Asked Questions
How is the storage service used by different features?
-
Migration Storage is used to store all migration packages. For example, the source environment stores the package in a location. The target fetches the package from the location and writes the undo packages into it. In this case, the source and target environments must use the same storage.
-
Workflow or other services Storage is used to store binary files, which can be very large.
How can I resolve the error, "The API requires MicroStrategy Storage Service. Please contact your administrator."?
One possible reason this error occurs is that the database for Library is not configured or cannot be connected.
The installation automatically creates an mstr_library database and mstr_library schema. The mstr_library and mstr_library_application database users are created. A related connection string is added automatically to the <DEPLOY_LOCATION>/webapps/MicroStrategyLibrary/WEB-INF/
file.
classes/config/configOverride.properties
If the required connection string cannot be found, the install process will encounter issues. The required string format is 'datasource.url', 'datasource.admin.username', 'datasource.admin.password', 'datasource.username' and 'datasource.password'. See Storage Service Configuration Properties for more details.
If the required connection string is found, you can use the psql client or other tools (pgAdmin) to check if the connection has issues.
Which user needs to have access to the shared folder if it is used? Is it the user that runs the Tomcat application for Library or the users that runs Workstation?
The user that executes Tomcat should access the shared folder. Since the shared folder is protected on the back end, all read/write is from the Tomcat execution user.
Does the firewall need to be open between environments when a shared folder is used?
No. Both environments must have access to the same shared folder. Some network configuration may be required to do this.